security-review-owasp-deserialization
CommunityStop unsafe deserialization before release
Software Engineering#python#owasp#java#deserialization#security-review#polymorphic-typing#gadget-chain
Authorsjinks
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps reviewers find unsafe deserialization paths that can lead to remote code execution, gadget-chain abuse, or arbitrary type materialization.
Core Features & Use Cases
- Reviews native object streams, pickle, unserialize, binary serializers, and polymorphic type handling.
- Checks request handlers, queues, file loaders, caches, and database reads that accept untrusted serialized data.
- Useful when validating library configuration, class allowlists, custom deserializers, signed payload handling, or migrations away from native object serialization.
Quick Start
Ask the skill to review the specified code, configuration, or service for deserialization risks and focus it on the relevant language or files.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-review-owasp-deserialization Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-deserialization Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.